United States Ex Rel. Sheldon v. Kettering Health Network , 2016 FED App. 0059P ( 2016 )

                          RECOMMENDED FOR FULL-TEXT PUBLICATION
Pursuant to Sixth Circuit I.O.P. 32.1(b)
File Name: 16a0059p.06
UNITED STATES COURT OF APPEALS
FOR THE SIXTH CIRCUIT
_________________
UNITED STATES      OF   AMERICA ex rel. VICKI          ┐
SHELDON,                                               │
Relator-Appellant,    │
│
│
v.                                               >      No. 15-3075
│
│
KETTERING HEALTH NETWORK,                              │
Defendant-Appellee.     │
┘
Appeal from the United States District Court
for the Southern District of Ohio at Cincinnati.
No. 1:14-cv-00345—Timothy S. Black, District Judge.
Argued: October 8, 2015
Decided and Filed: March 7, 2016
Before: KEITH, CLAY, and WHITE, Circuit Judges.
_________________
COUNSEL
ARGUED: Robert F. Croskery, CROSKERY LAW OFFICES, Cincinnati, Ohio, for Appellant.
Natalie T. Furniss, BRICKER & ECKLER, LLP, Columbus, Ohio, for Appellee. ON BRIEF:
Robert F. Croskery, CROSKERY LAW OFFICES, Cincinnati, Ohio, for Appellant. Natalie T.
Furniss, Anne Marie Sferra, BRICKER & ECKLER, LLP, Columbus, Ohio, for Appellee.
_________________
OPINION
_________________
CLAY, Circuit Judge. Plaintiff Vicki Sheldon (“Relator,” in this qui tam action) appeals
from the district court’s order, entered on January 6, 2015, denying her motion for leave to
amend her complaint and granting Defendant Kettering Health Network’s (“KHN”) motion to
1
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network              Page 2
dismiss.   Relator alleges that KHN violated the False Claims Act (“FCA”), 31 U.S.C.
§ 3729(a)(1), by falsely attesting to compliance with the Health Information Technology for
Economic and Clinical Health Act (hereinafter “HITECH Act” or “the Act”), Pub. L. No. 111-5,
Title XIII, 123 Stat. 226 (2009), and by receiving “meaningful use” incentive payments as a
result. The district court held that Relator’s complaint failed to state a plausible claim, and
denied as futile Relator’s motion to amend. The district court held, in the alternative, that
Relator’s claims were precluded by a prior Ohio state court judgment in a case involving similar
claims filed by Relator against KHN.
For the reasons set forth below, we AFFIRM the district court’s order granting KHN’s
motion to dismiss and denying Relator’s motion to amend.
BACKGROUND
On April 29, 2014, Relator brought a qui tam action under the False Claims Act,
31 U.S.C. § 3730(b), against KHN in federal court, alleging KHN falsely certified its compliance
with certain provisions of the HITECH Act.
I.     The HITECH Act
Enacted in 2009, the HITECH Act was designed to encourage the adoption of
sophisticated electronic health record (“EHR”) technology by health care providers. See, e.g.,
Vadim Schick, After HITECH: HIPAA Revisions Mandate Stronger Privacy and Security
Safeguards, 37 J.C. & U.L. 403, 404 (2011). To that end, the Act creates incentive payments for
eligible health care providers (“providers”)—i.e. individual hospitals and health care
professionals—that demonstrate “meaningful use” of certified EHR technology.         42 C.F.R.
§ 495.2; see also 42 U.S.C. §§ 1395w-4(o), 1395ww(n) (establishing diminishing schedule for
incentive payments to encourage early adoption by eligible professionals and hospitals).
Incentive payments are calculated using a formula that takes account of each individual
provider’s volume of patients. See, e.g., 42 C.F.R. §§ 495.102(a)(1) (eligible professionals),
495.104(c)(2) (hospitals).
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                 Page 3
As a condition to receipt of incentive payments, the Act requires providers to meet
roughly two-dozen meaningful-use objectives and accompanying measures of compliance.
42 C.F.R. § 495.20; 42 U.S.C. §§ 1395w-4(o), 1395ww(n). Objectives and measures were
released in two stages; Stage 2, which went into effect on September 4, 2012, added additional
objectives and measures to the requirements for compliance with the Act. See Electronic Health
Record Incentive Program—Stage 2, 77 Fed. Reg. 53,968 (Sept. 4, 2012); 42 C.F.R.
§§ 495.20(h)–(m). After Congress passed the Act, the Centers for Medicare and Medicaid
Services (“CMS”), an agency of the Department of Health and Human Services, promulgated
specific standards for meeting these objectives. See, e.g., Medicare and Medicaid Programs;
Electronic Health Record Incentive Program, 75 Fed. Reg. 44314-01 (July 28, 2010).
The meaningful-use objective relevant here (hereinafter “the objective” or “security and
privacy objective”) requires providers to “[p]rotect electronic health information created or
maintained by the certified EHR technology through the implementation of appropriate technical
capabilities.” 42 C.F.R. §§ 495.20(d)(15)(i), (f)(14)(i), (j)(16)(i), (l)(15)(i) (establishing the
same security and privacy objective for different types of providers over different Stages of Act
implementation). To meet the objective during Stage 1 of Act implementation, providers were
required to “[c]onduct or review a security risk analysis in accordance with the requirements
under 45 C.F.R. § 164.308(a)(1) and implement security updates as necessary and correct
identified security deficiencies as part of [their] risk management process.”                

495.20(d)(15)(ii), (f)(14)(ii). During Stage 2, providers are additionally required to “address[]
the encryption/security of data stored in Certified EHR Technology in accordance with
requirements under” 45 C.F.R. §§ 164.312(a)(2)(iv) and 164.306(d)(3).                   42 C.F.R.
§§ 495.6(j)(16)(ii), (l)(15)(ii). To receive incentive payments, individual providers must legally
attest to meeting these standards.     See 

495.8.    Attestation is required at intervals
dependent upon the type of provider, the “EHR Incentive Program” chosen (Medicare or
Medicaid), and the reporting year. See 

495.4.
Both Stage 1 and Stage 2 measures for the security and privacy objective require
providers to comply with 45 C.F.R. § 164.308(a)(1), which contains security and privacy
standards established under the Health Insurance Portability and Accountability Act of 1996
No 15-3075             U.S. ex rel. Sheldon v. Kettering Health Network                 Page 4
(“HIPAA”).       Subsection (a)(1) requires health care providers to “[i]mplement policies and
procedures to prevent, detect, contain, and correct security violations.”          Specifically, the
subsection requires providers to:
(A) . . . Conduct an accurate and thorough assessment of the potential risks and
vulnerabilities to the confidentiality, integrity, and availability of electronic
protected health information held by the covered entity or business associate.
(B) . . . Implement security measures sufficient to reduce risks and vulnerabilities
to a reasonable and appropriate level to comply with § 164.306(a).
(C) . . . Apply appropriate sanctions against workforce members who fail to
comply with the security policies and procedures of the covered entity or business
associate.
(D) . . . Implement procedures to regularly review records of information system
activity, such as audit logs, access reports, and security incident tracking reports.

Stage 2 measures for the objective require providers to comply with two additional
HIPAA regulations—45 C.F.R. §§ 164.312(a)(2)(iv) and 164.306(d)(3)—that also contain
security standards.       42 C.F.R. §§ 495.6(j)(16)(ii), (l)(15)(ii).         The first standard,
§ 164.312(a)(2)(iv), requires providers to “[i]mplement a mechanism to encrypt and decrypt
electronic protected health information.”       The second standard, § 164.306(d)(3), requires
providers to implement such a mechanism if “reasonable and appropriate,” and if not, to
document why and implement “an equivalent alternative measure.”
II.     Relator’s first amended complaint
According to Relator’s first amended complaint, Defendant KHN is a network of
hospitals, medical facilities, and physicians that provide medical services. “[D]uring the past
several years,” the complaint asserts, KHN certified to the United States that it implemented a
system of protecting electronic protected health information (“e-PHI”) in accordance with
HITECH Act requirements, and it received meaningful-use payments as a result. (R. 4 at ¶ 5.)
KHN would submit this certification to the government by “checking ‘Yes’ to the question ‘Did
you conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement security
No 15-3075                  U.S. ex rel. Sheldon v. Kettering Health Network                            Page 5
updates as necessary and correct identified security deficiencies as part of its [sic] risk
management processes.’” (Id. at ¶ 25.)1
Relator alleges, however, that KHN’s attestations of compliance under the Act were
false. This allegation stems from two letters she received from KHN informing her that its
employees had impermissibly accessed her e-PHI.                      These letters, which were attached to
Relator’s original complaint, state that based on its own internal investigation, KHN discovered
Relator’s e-PHI had been accessed on several occasions by Relator’s (now former) husband,
Duane Sheldon, and others.2 Relator’s complaint asserts that while Duane Sheldon was serving
as a director for KHN, he began an affair with a subordinate employee, and together they
accessed Relator’s e-PHI in furtherance of that affair. The letters Relator received from KHN
also state that (1) “these instances of access are inappropriate/unauthorized and in violation of
[KHN] policy and procedure, as well as law,” (2) KHN was investigating these instances of
access “as a breach under the [HITECH Act],” and (3) KHN would be notifying the United
States Department of Health and Human Services of the breaches. (R. 1-1, Pg ID # 10–13.)
After Relator learned her e-PHI had been impermissibly accessed, she requested (through
counsel) that KHN provide her with specific e-PHI access reports generated by a software
system called “EPIC.” Relator asserts that KHN bought and implemented the EPIC software
system sometime before her e-PHI was breached. The complaint states that when properly
utilized, the EPIC system helps KHN to “maintain[] electronic health information,” and allows
approved persons to access medical information while protecting such information from
unapproved access. (R. 4 at ¶ 7.) With EPIC, health care providers can run a comprehensive
series of reports, known as “CLARITY” reports, which help providers monitor improper access
to e-PHI. Relator, who apparently has some personal familiarity with the EPIC software, lists
several of these reports by name in her complaint and asserts that EPIC’s training materials
1
However, the complaint does not state where or on what form KHN “checked ‘Yes’” to this question.
2
“Although matters outside of the pleadings are not to be considered by a court in ruling on a 12(b)(6)
motion to dismiss, documents attached to a motion to dismiss are considered part of the pleadings if they are
referred to in the plaintiff’s complaint and are central to the plaintiff’s claim.” Seaton v. TripAdvisor LLC, 

, 596 (6th Cir. 2013) (internal quotation marks and brackets omitted).
No 15-3075             U.S. ex rel. Sheldon v. Kettering Health Network                Page 6
suggest providers run such reports on a regular basis to safeguard against unauthorized access to
e-PHI.
Relator states that when she asked for specific CLARITY reports by name, KHN refused
to provide them.      Instead, KHN provided her with a series of “homegrown” reports that
contained inconsistent information regarding the users who had impermissibly accessed
Relator’s e-PHI. At some point, Relator discovered that her daughter and grandson’s e-PHI had
also been inappropriately accessed, and that their medical billing information had been
manipulated. Finally, Relator alleges that an employee who reported to Duane Sheldon routinely
ran an “expired medication report” containing the e-PHI of Relator and numerous other patients.
According to Relator, there was no reason for this employee to run that report, and the report sat
on an unmonitored printer for hours.
Based on these facts, the complaint avers that KHN’s attestation of compliance with the
HITECH Act’s security and privacy objective was false.
III.     Subsequent procedural history
On June 4, 2014, while her federal complaint was still under seal pending possible
government intervention, Relator filed a second suit against KHN in the Court of Common Pleas
for Montgomery County, Ohio. In this suit, Relator was joined by her daughter Haley Dercola
and grandson Tucker Dercola as plaintiffs, and together they alleged state torts arising from the
same breach of Relator’s and co-plaintiffs’ electronic health records.          They also alleged
violations of the Fair Credit Reporting Act, 15 U.S.C. § 1681, et seq., and the Fair Debt
Collection Practices Act, 15 U.S.C. § 1692, et seq., stemming from KHN’s alleged mishandling
of bills accumulated during Haley Dercola’s hospitalization while giving birth to Tucker.
On August 29, 2014, the United States filed a notice of election to decline intervention in
Relator’s qui tam action in federal court. That same day, the district court ordered the complaint
be unsealed.
On October 21, 2014, the Montgomery County Court of Common Pleas dismissed
Relator’s state action in its entirety for “failure to state a claim upon which relief can be
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                   Page 7
granted.” Sheldon v. Kettering Adventist HealthCare, 2014 CV 03304, at *3 (Montgomery Cty.
Ct. Com. Pl. 2014). The court based its dismissal on the fact that (1) “Every allegation related to
Plaintiff’s tort claims in the ‘facts’ section of the complaint revolves around KHN’s alleged
failure to run certain ‘Clarity reports,’ which Plaintiffs alleged were required of KHN under
HIPAA;” and (2) “HIPAA does not allow private causes of action, according to Ohio law.” 

that decision to the Court of Appeals of Ohio.
On November 12, 2014, KHN filed a motion to dismiss in the federal case arguing:
(1) Relator had failed to state a claim under the heightened pleading standards applicable to FCA
claims, and (2) the Ohio state court’s dismissal of Relator’s state case was res judicata, and
Relator’s federal claim was therefore precluded. On December 12, 2014, Relator filed a motion
to amend her complaint, attaching a proposed amended complaint that Relator argued “cures any
perceived defects in insufficient particularity.” (R. 14, Pg ID # 326.)
Relator’s proposed second amended complaint alleged that KHN’s breaches affected not
only Realtor and her family members, but also dozens of other people whose e-PHI was
mistakenly shared with Relator.         The proposed complaint further stated that to obtain
meaningful-use money from the federal government, KHN certified its compliance with the
HITECH Act on a yearly basis, and that such certification was required in 2011, 2012, and 2013.
Finally, the proposed complaint listed four KHN employees that Relator claimed “participated”
in KHN’s false certification of HITECH Act compliance.
On January 6, 2015, the district court issued an order denying Relator’s motion to amend
and granting KHN’s motion to dismiss under Rule 12(b)(6). The district court held that Relator
failed to plead her claims with sufficient particularity because she had not alleged a specific false
claim by KHN, and because she failed to plausibly plead that KHN did not meet the HITECH
Act’s standards. The court further held that because Relator’s proposed amended complaint
failed to cure these deficiencies, granting her leave to amend would be futile. Finally, as an
alternative basis for its decision, the district court noted that the factual allegations in Relator’s
federal case “are nearly identical to those underlying the state court action,” and therefore
Relator’s claims were barred by the doctrine of res judicata. (R. 19, Pg ID # 387.) Relator
timely appealed.
No 15-3075             U.S. ex rel. Sheldon v. Kettering Health Network                     Page 8
On August 14, 2015, the Court of Appeals of Ohio rendered its decision on Relator’s
state action. Sheldon v. Kettering Health Network, 

(Ohio Ct. App. 2015). The
court affirmed the dismissal of Relator’s state case and reiterated that her claims “stemmed from
KHN’s alleged failure to protect the privacy of the plaintiffs’ electronic medical information and
the improper accessing and disclosure of that information by KHN administrator Duane Sheldon,
the former spouse of Vicki Sheldon.” 

On September 25, 2015, Relator appealed that
decision to the Ohio Supreme Court. That appeal is currently pending.
DISCUSSION
I.      Standard of Review
We review de novo a district court’s dismissal of a suit pursuant to Rule 12(b)(6).
Riverview Health Inst. LLC v. Med. Mut. of Ohio, 

, 512 (6th Cir. 2010). A district
court’s order denying a Rule 15(a) motion to amend is typically reviewed for abuse of discretion.
Rose v. Hartford Underwriters Ins. Co., 

, 420 (6th Cir. 2000). However, where the
district court denies leave to amend because the complaint as amended would not withstand a
motion to dismiss under Rule 12(b)(6), that denial is reviewed de novo. Seaton v. TripAdvisor
LLC, 

, 596 (6th Cir. 2013) (discussing standard for denial of leave to amend for
“futility”). Likewise, we review de novo a district court’s application of the doctrine of res
judicata. Bragg v. Flint Bd. of Educ., 

, 776 (6th Cir. 2009).
II.     Analysis
A.      Pleading standards under the False Claims Act
The False Claims Act imposes liability on any person who “knowingly makes, uses, or
causes to be made or used, a false record or statement material to a false or fraudulent claim.”
31 U.S.C. § 3729(a)(1)(B); see also 

3730(b) (“A person may bring a civil action for a
violation of section 3729”). As with all claims, plaintiffs alleging violations of the FCA must
plead sufficient facts that, when taken as true, “state a claim to relief that is plausible on its face.”
Ashcroft v. Iqbal, 

, 678 (2009) (internal quotation marks omitted). “The district
court must construe the complaint in a light most favorable to the plaintiff, accept all of the
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                 Page 9
factual allegations as true, and determine whether the plaintiff undoubtedly can prove no set of
facts in support of his claims that would entitle him to relief.” Columbia Nat. Res., Inc. v.
Tatum, 

, 1109 (6th Cir. 1995).
In addition, “[c]omplaints alleging FCA violations must comply with Rule 9(b)’s
requirement that fraud be pled with particularity.” Chesbrough v. VPA, P.C., 

, 466
(6th Cir. 2011). Under Rule 9(b), a party alleging fraud or mistake “must state with particularity
the circumstances constituting fraud or mistake.” Fed. R. Civ. P. 9(b); see also U.S. ex rel.
SNAPP, Inc. v. Ford Motor Co., 

, 505 (6th Cir. 2008) (“SNAPP I”) (noting the
“knowledge” element of FCA claims “does not need to be pled with particularity”). Specifically,
a plaintiff must “allege the time, place, and content of the alleged misrepresentation . . . the
fraudulent scheme; the fraudulent intent of the defendants; and the injury resulting from the
fraud.” U.S. ex rel. Bledsoe v. Cmty. Health Sys., Inc., 

, 643 (6th Cir. 2003)
(“Bledsoe I”) (quoting Coffey v. Foamex L.P., 

, 161–62 (6th Cir. 1993)).
Importantly, Rule 9 should not be read to “reintroduce formalities to pleading.” U.S. ex
rel. Bledsoe v. Cmty. Health Sys., Inc., 

, 503 (6th Cir. 2007) (“Bledsoe II”); see also
SNAPP 

–04 (noting Rule 9’s heightened pleading standards “should not be
read to defeat the general policy of ‘simplicity and flexibility’ in pleadings contemplated by the
Federal Rules”). A complaint sufficiently pleads the time, place, and content of the alleged
misrepresentation so long as it “ensure[s] that [the] defendant possesses sufficient information to
respond to an allegation of fraud;” providing the defendant with sufficient information to
respond is Rule 9’s “overarching purpose.” SNAPP 

.
B.      Application to Relator’s amended and proposed amended complaints
To state a claim under the FCA, the plaintiff must sufficiently plead:
[1] that the defendant [made] a false statement or create[d] a false record [2] with
actual knowledge, deliberate ignorance, or reckless disregard of the truth or falsity
of the information; [3] that the defendant . . . submitted a claim for payment to the
federal government; . . . and [4] that the false statement or record [was] material
to the Government’s decision to make the payment sought in the defendant’s
claim.
No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                          Page 10
U.S. ex rel. SNAPP, Inc. v. Ford Motor Co., 

, 509 (6th Cir. 2010) (“SNAPP II”).3
In dismissing Relator’s suit pursuant to Rule 12(b)(6), the district court identified two
deficiencies in the amended and proposed amended complaints—namely, failure to plead facts
sufficient to plausibly establish the [1] false statement and [3] claim for payment elements above.
These deficiencies are addressed in turn.
1.       Relator failed to plausibly allege that KHN’s attestation of HITECH
Act compliance was false
The FCA requires relators to establish “that the defendant [made] a false statement or
create[d] a false record.” SNAPP 

. We have held that “[w]hen a claim [for
payment] expressly states that it complies with a particular statute, regulation, or contractual
term that is a prerequisite for payment, failure to actually comply” satisfies this element. See

(citing Mikes v. Straus, 

, 697–99 (2d Cir. 2001)).
This theory of liability under the FCA is referred to as “false certification.” 

above, a relator’s pleadings of false certification must “contain[] ‘enough facts
to state a claim to relief that is plausible on its face.’” 

Atl. Corp. v. Twombly,

, 570 (2007)). “Plausibility is not the same as probability, but rather ‘asks for more
than a sheer possibility that a defendant has acted unlawfully.’” Ctr. for Bio-Ethical Reform, Inc.
v. Napolitano, 

, 369 (6th Cir. 2011) (“CBER”) (quoting 

).
And “[a]lthough a court must construe a complaint’s allegations in favor of the plaintiff, . . . and
must accept all factual allegations as true, . . . the court need not accept legal conclusions or
unwarranted factual inferences.” Debevec v. Gen. Elec. Co., 

, at *2 (6th Cir. 1997)
(table) (internal citations omitted).
3
As we noted in Chesbrough, Congress amended the FCA in 2009 in response to the Supreme Court’s
decision in Allison Engine Co. v. U.S. ex rel. Sanders, 

n.2 (citing the Fraud
Enforcement and Recovery Act, Pub. L. No. 111–21 (2009)). Allison held that the old language of
§ 3729(a)(1)(B)—at that time numbered § 3729(a)(2)—contained a specific intent requirement, such that liability
under the FCA required that the defendant made her false statement “to get” the government to pay a claim. 

old language of § 3729(a)(1)(B)). In response, Congress struck the words “to get” from the section,
thereby eliminating the specific intent requirement. 

reason, the above rule statement quoted from
SNAPP 

, omits the specific-intent element from that opinion’s summary of the elements of an
FCA claim.
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                  Page 11
In this case, Relator alleges that KHN falsely certified its compliance with the HITECH
Act’s requirements, and that KHN received meaningful-use incentive payments as a result. This
allegation is premised on two conclusions drawn from the facts outlined in her complaint: first,
that the individual breaches alleged in the complaint either constitute violations of the Act in
themselves or suggest KHN failed to implement security policies and procedures; and second,
that KHN’s failure to run CLARITY reports on a regular basis constituted a breach of its duties
under the Act. Because these conclusions are either facially implausible or based on incorrect
conclusions of law, we affirm the district court’s dismissal of Relator’s suit pursuant to Rule
12(b)(6).
i.       KHN’s alleged breaches of Relator’s e-PHI
Relator’s complaint alleges KHN’s individual breaches, by themselves, constituted
violations of the Act. Specifically, Relator argues: (1) KHN’s letters alerting Relator to breaches
of her e-PHI contained or constituted an admission that KHN violated the HITECH Act; and
(2) the impermissible running of the “expired medication report” constituted, in itself, a breach
of KHN’s duties under the HITECH Act. Relator also argues that when taken together, these
individual breaches suggest an absence of necessary policies or procedures.
To begin, Relator’s claim that KHN’s individual breaches each constituted a violation of
the HITECH Act is an incorrect conclusion of law. The Act’s implementing regulations require
providers to “[c]onduct or review a security risk analysis,” “implement security updates as
necessary,”   and   “correct   identified   security   deficiencies.”    See,   e.g.,   42   C.F.R.
§§ 495.6(d)(15)(ii), (f)(14)(ii). This language indicates that compliance is premised on the
process of analyzing and reviewing security policies and procedures; attestation of compliance is
not rendered false by virtue of individual breaches. See 

distributed by
CMS discussing compliance with the objective state that providers need not “fully mitigate all
risks” of e-PHI breaches before attesting to Act compliance. See CMS, Security Risk Analysis
Tipsheet: Protecting Patients’ Health Information 5 (Revised Dec. 2013), https://www.cms.gov/
Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/SecurityRisk
No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                            Page 12
Assessment_FactSheet_Updated20131122.pdf.4 Instead, “[t]he EHR incentive program requires
correcting any deficiencies [in security] (identified during the risk analysis) . . . .” 

C.F.R. § 164.308(a)(1) requires health care providers to “[i]mplement
policies and procedures to prevent, detect, contain, and correct security violations.” The more
detailed regulations contained in subsection (a)(1)(ii) likewise indicate that individual breaches
do not negate compliance: those regulations state that risks should be reduced to a “reasonable
and appropriate level,” and that providers should “[a]pply appropriate sanctions against”
employees who violate security policies. 

plainly contemplates occasional
breaches of e-PHI. Thus, as KHN aptly states, “[t]he regulations . . . do not impose a strict
liability standard that requires hospitals to prevent all privacy breaches.” (Def.’s Br. at 11.)
For these reasons, KHN’s admissions that Relator’s e-PHI was improperly accessed
could not, by themselves, render “false” any of KHN’s attestations of Act compliance. The same
holds true for the impermissible running of the “expired medication report.”                          See 

(“[T]he general rule that the court must accept as true all allegations in the
complaint ‘is inapplicable to legal conclusions.’” (quoting 

)).
Relator’s complaint also states that these individual breaches, taken together, indicate a
lack of policies and procedures. Her proposed amended complaint adds no new facts to support
this claim. Assuming occasional breaches of e-PHI can support a reasonable inference that
security policies and procedures do not exist, Relator’s allegations fail to support such an
inference. See 

is plausible on its face if the plaintiff pleads factual content that
allows the court to draw the reasonable inference that the defendant is liable for the misconduct
alleged.” (emphasis added) (internal quotation marks omitted)).
Relator’s own allegations, which we must accept as true, indicate that KHN did have
policies and procedures in place. Those allegations assert that “[KHN] revealed that there had
4
The CMS website contains numerous resources (pertaining to the incentive program) distributed by
CMS over the years of HITECH Act implementation. See, e.g., CMS, Resources for Previous Years of the
HER Incentive Programs (last modified Dec. 18, 2015), https://www.cms.gov/Regulations-and-
Guidance/Legislation/EHRIncentivePrograms/RequirementsforPreviousYears.html. We reference this particular
document because it provides some clarity as to what the security and privacy objective required of providers during
Stage 1 of HITECH Act implementation.
No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                           Page 13
been a breach of Relator Vicki Sheldon’s private electronic health records” in the two letters she
attached to her complaint. (R. 4 at ¶ 16.) Notably, these letters state that the breaches of
Relator’s e-PHI were “inappropriate/unauthorized and in violation of [KHN] policy and
procedure,” that KHN conducted an investigation, and that it would be notifying HHS of the
breach. (R. 1-1, Pg ID # 10, 12.) Even assuming, however, that these statements are not true,
that Relator even received such letters indicates that KHN has some procedure in place for
detecting unauthorized access to e-PHI, as well as a policy of investigating such unauthorized
access and notifying patients whose information was breached.
For these reasons, we agree with the district court’s conclusion that Relator’s allegations
that KHN lacked the requisite policies and procedures are not facially plausible. U.S. ex rel.
Sheldon v. Kettering Health Network, No. 1:14-CV-345, 

, at *5–6 (S.D. Ohio
Jan. 6, 2015).5
ii.      KHN’s alleged failure to run CLARITY reports on a regular
basis
In support of her claim that KHN falsely attested to HITECH Act compliance, Relator
relies on the following chain of inference: first, KHN’s failure/refusal to provide Relator with
CLARITY reports when asked indicated that it had not run them; second, KHN’s failure to run
CLARITY reports indicated that it “had failed to follow the usual steps and standards in the
industry to protect medical information” (R. 4 at ¶ 16); and third, failing to follow industry
standards by running CLARITY reports on a regular basis constituted a breach of KHN’s duties
under the HITECH Act. Relator’s proposed amended complaint does nothing to bolster this
chain of inference or the facts supporting it; the amended complaint merely adds the conclusory
allegation that “failure to use and run [CLARITY] reports and review them for violations
5
Relator’s complaint alleges that KHN violated the Act by “failing to implement policies and procedures
that allow only authorized persons to access electronic protected health information,” as required under 45 C.F.R.
§ 164.312(a) and (b). (See R. 4 at ¶¶ 26, 31.) But because the security and privacy objective references only
§§ 164.312(a)(2)(iv) and 164.306(d)(3), this allegation appears to be premised on a mistaken reading of the law.
42 C.F.R. §§ 495.6(j)(16)(ii), (l)(15)(ii). Section 164.312(a)(2)(iv) requires KHN to “[i]mplement a mechanism to
encrypt and decrypt electronic protected health information.” Relator’s complaint contains no allegations regarding
data encryption, and none of the facts stated in the complaint would permit an inference that KHN failed to
implement data encryption mechanisms. For these reasons, we do not discuss this issue further.
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network               Page 14
indicates that a provider has failed to implement policies and procedures for protecting patient
private health information.” (R. 14-1 at ¶ 10.)
Even assuming the cogency of the first two links in Relator’s inferential chain, the final
link is an incorrect conclusion of law. As we stated above, HITECH Act compliance is premised
on the process of conducting security risk analyses and correcting any security deficiencies
located thereby, see 42 C.F.R. §§ 495.6(d)(15)(ii), (f)(14)(ii), as well as implementing
appropriate policies and procedures. 45 C.F.R. § 164.308(a)(1). Neither the Act nor the HIPAA
regulations to which it refers require that providers adhere to a particular schedule for running
reports, or to purchase and use a particular brand of EHR software. See 

we agree
with the district court’s conclusion that “[t]he HITECH Act requires hospitals to implement a
system to protect e-PHI; it does not require covered entities to use a particular e-PHI product or
vendor or to run a specific type of monitoring report.” U.S. ex rel. Sheldon v. Kettering Health
Network, No. 1:14-CV-345, 

, at *4 (S.D. Ohio Jan. 6, 2015).
Because Relator’s claim that KHN’s attestation of HITECH Act compliance was false is
based either on implausible inferences or incorrect conclusions of law, we conclude that Relator
failed to adequately plead the “false statement” element of her FCA claim. See SNAPP 

.
2.     Relator failed to plead a specific claim for payment
The FCA requires relators to establish “that the defendant . . . submitted a claim for
payment to the federal government.” SNAPP 

. In this Circuit, there is “[a]
clear and unequivocal requirement that a relator allege specific false claims” when pleading a
violation of the FCA. Bledsoe II, 

. This requirement derives from the fact that “the
[FCA] statute attaches liability, not to the underlying fraudulent activity or to the government’s
wrongful payment, but to the ‘claim for payment.’” Sanderson v. HCA-The Healthcare Co.,

, 877–78 (6th Cir. 2006) (quoting United States v. Rivera, 

, 709 (1st Cir.
1995)); see also U.S. ex rel. Clausen v. Lab. Corp. of Am., 

, 1311 (11th Cir. 2002)
(“The submission of a claim is thus not . . . a ‘ministerial act,’ but the sine qua non of a False
Claims Act violation.”).
No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                            Page 15
In SNAPP I, for example, the relator alleged that the defendant received, between
1991 and 2001, an undetermined number of government contracts based on fraudulent
misrepresentations made in reports filed annually with the federal 

.
The relator also alleged the approximate value of those contracts. 

these
details with specificity, 

dismissal of the relator’s complaint because the relator
had “not complied with Bledsoe II’s mandate that ‘[i]n order for a relator to proceed to discovery
on a fraudulent scheme,’ it must plead with specificity ‘characteristic example[s]’ that are
‘illustrative of [the] class’ of all claims covered by the fraudulent scheme.” 

–11); see also 

(“Rule 9(b) ‘does not permit a False
Claims Act plaintiff merely to describe a private scheme in detail but then to allege simply . . .
that claims requesting illegal payments must have been submitted, were likely submitted or
should have been submitted to the Government.’”).
This case is on all fours with SNAPP I. At its most specific, Relator’s complaint alleges
that KHN “falsely certified to the United States Government that it had complied with the
HITECH Act to collect ‘Meaningful Use’ monies” (R. 4 at ¶ 25) in an amount “believed to
exceed $75,000,000.00.” (Id. at ¶ 27.) Nowhere, however, does the complaint allege a specific
false claim for payment. Although Relator asserts KHN received government money “as a
result” of false certification, this equates to an allegation that claims “must have been submitted”
at some point—allegations explicitly held insufficient in 

. Thus, the
district court was correct in dismissing Relator’s complaint for, inter alia, failing to “identify
with specificity examples that are illustrative of the class of all claims covered by the fraudulent
scheme.” U.S. ex rel. Sheldon v. Kettering Health Network, No. 1:14-CV-345, 

,
at *6 (S.D. Ohio 2015).6
The additional facts in Relator’s proposed amended complaint likewise fail to meet the
FCA’s heightened pleading standards. The additional facts relevant here allege that KHN falsely
attested to its compliance with the HITECH Act on an annual basis, and that certification was
6
Tellingly, before filing her proposed amended complaint, Relator submitted a motion admitting that “[i]n
order for the Relator to answer the Defendant’s Motion to Dismiss on the issue of the heightened pleading standard .
. . Relator needs to possess information as to the time, date, place, and person making a HiTech certification.”
(R. 10, Pl.’s Mot. for Discovery, Pg ID # 299.) Relator’s amended complaint did not add such information.
No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                            Page 16
“required . . . in 2011, 2012, and 2013.” (R. 14-1 at ¶ 23, Pg ID # 332.) Even with these
additional facts, however, Relator’s pleadings are insufficient under this Court’s holding in
SNAPP I because she fails to allege a characteristic example of a false claim for payment. The
Act’s implementing regulations establish that attestation is provider-specific: incentive payments
are calculated, in part, using the volume of patients that a particular hospital or professional
treated during the reporting year.           See 42 C.F.R. §§ 495.102(a)(1) (eligible professionals),
495.104(c)(2) (hospitals). CMS materials likewise suggest that meeting the security and privacy
objective requires review of the “physical safeguards” and security protocols at each individual
provider’s “facility and other places where patient data is accessed.” See CMS, Security Risk
Analysis Tipsheet: Protecting Patients’ Health Information 4 (Revised Dec. 

.
Relator’s proposed amended complaint states that KHN is “a network of hospitals,
medical facilities and physicians” (R. 14-1 at ¶ 4), and that KHN “serves as the records custodian
for many doctors and physicians” (id. at ¶ 25), but it fails to name a single hospital or
professional in KHN’s network for whom attestation was rendered “false” by virtue of KHN’s
allegedly deficient security protocols.           Relator’s allegations might create an inference that
security flaws affected all providers in KHN’s network.7 But this amounts to an allegation of a
broader fraudulent scheme. Under our holding in SNAPP I, “[i]n order for a relator to proceed to
discovery on a fraudulent scheme, it must plead with specificity characteristic example[s] that
are illustrative of [the] class of all claims covered by the fraudulent 

(internal quotation marks omitted).             Merely implying that attestations “must have been
submitted” by certain unnamed providers in the KHN network does not satisfy Rule 9(b). See id.
(quoting 

).8
7
This inference, however, is attenuated: Relator’s complaint contains no facts regarding KHN’s EHR
infrastructure, and it does not explicitly state whether Duane Sheldon was able to access Relator’s e-PHI because of
network-wide flaws in KHN’s security protocols or because of the flaws at the physical location of a particular
provider. This deficiency in Relator’s complaint is exemplified by her allegation that a KHN employee
impermissibly ran a report containing her e-PHI that “sat on an unmonitored printer for hours, allowing improper
access by any employee that chose to review it.” (R. 4 at ¶ 19; R. 14-1 at ¶ 20.) Yet, Relator does not state where
this printer is located.
8
The proposed amended complaint also states the names and titles of KHN employees allegedly involved
in KHN’s attestations of Act compliance. In Bledsoe II, we held that “while such information is relevant to the
inquiry of whether a relator has pled the circumstances constituting fraud with particularity, it is not mandatory.”
No 15-3075              U.S. ex rel. Sheldon v. Kettering Health Network                      Page 17
Relator argues on appeal that she has sufficient “first-hand knowledge” of KHN’s false
claims to satisfy Rule 9(b)’s heightened pleading standards. (Pl.’s Reply Br. at 13–16.) This
argument is similar to one made by the relators in 

. In that case, the
relators cited footnote 12 in Blesdoe 

, for the proposition that:
the requirement that a relator identify an actual false claim may be relaxed when,
even though the relator is unable to produce an actual billing or invoice, he or she
has pled facts which support a strong inference that a claim was submitted. Such
an inference may arise when the relator has “personal knowledge that the claims
were submitted by Defendants . . . for payment.”

that a “relaxed” standard—to the extent it even exists in this Circuit—was not
applicable in that case, we observed that cases applying a relaxed standard involved relators with
“personal knowledge” that was based either on working in the defendants’ billing departments,
or on discussions with employees directly responsible for submitting claims to the government.

(distinguishing Hill v. Morehouse Med. Assocs., Inc., 

(11th
Cir. August 15, 2003) (unpublished); United States v. R & F Prop. of Lake Cty., Inc., 

(11th Cir. 2005); U.S. ex rel. Lane v. Murfreesboro Dermatology Clinic, PLC, 

(E.D. Tenn. May 12, 2010)); see also U.S. ex rel. Marlar v. BWXT Y-12, L.L.C.,

, 446 (6th Cir. 2008) (declining to apply Bledsoe II’s “relaxed standard”).
As in Chesbrough, we need not decide whether a relaxed standard exists in this Circuit
because Relator lacks the “personal knowledge” necessary to qualify. Although Relator has
some personal knowledge regarding the nature of the alleged fraudulent certification—
specifically, knowledge of EPIC software and KHN’s alleged failure to use that software
effectively—such knowledge is not relevant to specific claims analysis. Relator does not claim
that she worked in KHN’s security or billing departments, or that she ever spoke with those
directly responsible for HITECH Act certification. And although her relationship with a KHN
employee likely provided her with additional insight into KHN’s policies and procedures,
Relator never alleges that this relationship gave her the sort of “personal knowledge” found in
cases applying a relaxed standard. See Chesbrough, 

–72. Thus, Relator lacks 

. Even so, Relator’s proposed amended complaint does not state for which provider(s) in KHN’s
network these employees submitted attestation.
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                   Page 18
personal knowledge necessary to “support a strong inference—rather than simply a possibility—
that a false claim was presented to the government.” 

For these reasons, Relator’s complaint and proposed amended complaint fail to satisfy
the “clear and unequivocal requirement that a relator allege specific false claims” when pleading
a violation of the FCA. Bledsoe II, 

. This deficiency, combined with Relator’s
failure to adequately plead a false claim, leads us to conclude that neither of Relator’s complaints
“contain[s] sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible
on its face.’” 

(quoting 

); see also In re
Omnicare, Inc. Sec. Litig., 

, 469 (6th Cir. 2014) (noting Twombly’s plausibility
requirement applies “to each element of the cause of action”).
C.      Res judicata
Although we ultimately agree with the district court’s determination that Relator’s
complaint fails to state a claim, we note that even had we felt differently, Relator’s claims would
likely be barred under the doctrine of res judicata. Thus, like the district court below, we
conclude that res judicata provides an alternative basis for dismissing Relator’s complaint.
Under the doctrine of res judicata, “a final judgment on the merits bars further claims by
parties or their privies based on the same cause of action.” Montana v. United States, 

, 153 (1979) (citations omitted). When evaluating whether a state-court judgment bars
further claims in a federal forum, “[f]ederal courts must give the same preclusive effect to a
state-court judgment as that judgment receives in the rendering state.” Abbott v. Michigan,

, 330 (6th Cir. 2007) (citing 28 U.S.C. § 1738). Thus, because KHN argues that the
Ohio state court’s decision precludes Relator’s federal action, we analyze the preclusive effect of
that decision under Ohio law.
In Grava v. Parkman Township, 

, 229 (Ohio 1995), the Ohio Supreme
Court held that “[a] valid, final judgment rendered upon the merits bars all subsequent actions
based upon any claim arising out of the transaction or occurrence that was the subject matter of
the previous action.” The court explained:
No 15-3075              U.S. ex rel. Sheldon v. Kettering Health Network                  Page 19
When a valid and final judgment rendered in an action extinguishes the plaintiff’s
claim pursuant to the rules of merger or bar . . ., the claim extinguished includes
all rights of the plaintiff to remedies against the defendant with respect to all or
any part of the transaction, or series of connected transactions, out of which the
action arose.

original) (quoting Restatement (Second) of Judgments § 24(1) (Am. Law Inst.
1982)).
In Hapgood v. City of Warren, 

(6th Cir. 1997), we distilled Grava’s holding
into a four-element test for establishing res judicata under Ohio law. There must be:
(1) a prior final, valid decision on the merits by a court of competent jurisdiction;
(2) a second action involving the same parties, or their privies, as the first; (3) a
second action raising claims that were or could have been litigated in the first
action; and (4) a second action arising out of the transaction or occurrence that
was the subject matter of the previous action.

see also Ohio ex rel. Boggs v. City of Cleveland, 

, 520 (6th Cir. 2011)
(“The party asserting the defense bears the burden of proof.”). These elements are addressed in
turn.
1.      Final decision on the merits
Under Ohio law, “a dismissal grounded on a complaint’s failure to state a claim upon
which relief can be granted constitutes . . . an adjudication on the merits. As a result, res judicata
bars refiling the claim.” State ex rel. Arcadia Acres v. Ohio Dep’t of Job & Family Servs.,

, 174 (Ohio 2009) (internal quotation marks omitted) (citing Ohio Civ. R. 41(B)).
Here, the Montgomery County Court of Common Pleas dismissed Relator’s state action in its
entirety for “failure to state a claim upon which relief can be granted.” Sheldon v. Kettering
Adventist HealthCare, 2014 CV 03304, at *3 (Montgomery Cty. Ct. Com. Pl. 2014).
Relator argues that this decision was not “final” because her state case involves “new law
that is still under review by an appellate Court, and, most probably, is on its way to the Ohio
Supreme Court however decided.” (Pl.’s Reply Br. at 10.) We addressed a similar argument in
Hapgood. 

n.3. In Hapgood, a federal district court granted the defendant
summary judgment on the ground of res judicata while the plaintiff’s case in Ohio state court
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                  Page 20
was on appeal. 

concluded that “[t]he pendency of an appeal . . . does not
prohibit application of claim preclusion. The prior state court judgment remains ‘final’ for
preclusion purposes, unless or until overturned by the appellate court.” 

v.
Lutheran Med. Ctr., 

, 532 (Ohio 1987)).
As with Hapgood, the fact that Relator’s state claims were on appeal when the federal
district court entered its judgment does not affect the analysis under res judicata. Thus, the “final
decision on the merits” element is met in this case.
2.      Second action involving the same parties
In Ohio, application of res judicata requires the parties to the first action be identical to,
or privies with, those in the second (precluded) action. Johnson’s Island, Inc. v. Danbury Twp.
Bd. of Trs., 

, 675 (Ohio 1982). Ohio courts “have applied a broad definition to
determine whether the relationship between the parties is close enough to invoke the doctrine” of
res judicata. Kirkhart v. Keiper, 

, 1092 (Ohio 2004). “Thus, a mutuality of
interest, including an identity of desired result, may create privity.” 

marks
omitted). In this case, both the Ohio and federal actions involve Relator as plaintiff and KHN as
defendant. Moreover, because the Ohio court entered judgment in Relator’s state action before
the federal district court, the federal case became the second action for res judicata purposes.
Relator appears to argue that the parties in her federal and state cases are different
because the state case “has two additional parties (Plaintiff Vicki Sheldon’s daughter and her
grandson) . . . .” (See Pl.’s Br. at 12.) The relevant inquiry for this element, however, is whether
the plaintiff and defendant in the precluded action were opposing parties in the first action; the
presence of additional plaintiffs does not affect the analysis. See, e.g., Awad v. Chrysler Grp.
LLC, No. 11-14082, 

, at *7 (E.D. Mich. Oct. 29 2013) (“There can be no
question that Chrysler was a defendant in both actions. That Chrysler is the only defendant in the
subsequent federal court action does not alter the analysis.”); Ray v. Citibank, N.A., No. 256322,

, at *2 (Mich. Ct. App. Nov. 29, 2005) (“It is also undisputed that plaintiff and
defendant were opposing parties in the federal action. Under federal law, it is immaterial for res
judicata purposes that the prior action included additional parties.”). Even if this were not the
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                 Page 21
case, the “mutuality of interest, including an identity of desired result” between the parties in
Relator’s federal and state actions, would be sufficient to satisfy this element.         

.
Relator also argues that because res judicata applies only to “subsequent” actions, this
element is not met because her federal case was the first action filed. This misstates the rule: the
relevant inquiry for res judicata is which action resulted in judgment first, not which action was
filed first. See, e.g., Lesher v. Lavrich, 

, 195 (6th Cir. 1986) (“[F]ederal courts must
give prior state court judgments the same preclusive effect they would have in the courts of that
state.” (emphasis added)). Thus, because the Ohio state court issued its final judgment first,
despite being the second action filed, Relator’s federal case is the “second” or “subsequent”
action for res judicata purposes.
For these reasons, the second element of res judicata is met in this case.
3.      The second action arises from claims that were or could have been
litigated in the first action
To apply res judicata in Ohio, it must be true that the claims in the precluded action
“could have been litigated in the first action.” 

. As the “could have”
phrasing implies, this element concerns only the legal possibility of bringing the disputed claims
in the previous action. See 

; see also 

–23
(holding res judicata not applicable where disputed claims were not ripe when previous action
commenced); Demsey v. Demsey, 488 F. App’x 1, 5–6 (6th Cir. 2012) (emphasizing that the
disputed claims “could have been” raised in the previous action); Doe ex rel. Doe v. Jackson
Local Sch. Dist., 422 F. App’x 497, 501 (6th Cir. 2011) (holding plaintiff could have litigated
disputed claim in previous action where state’s rules of civil procedure allowed such claims).
In this case, because the Ohio state court action was the first to reach a final adjudication
on the merits, the question is whether Relator could have raised her FCA claim in that action.
Below, the district court assumed that state courts have concurrent jurisdiction over FCA claims.
See generally U.S. ex rel. Sheldon v. Kettering Health Network, No. 1:14-CV-345, 

, at *6–7 (S.D. Ohio Jan. 6, 2015). Plaintiff did not challenge this assumption in the
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                 Page 22
district court and concedes the point on appeal.        (See Pl.’s Reply Br. at 11 (“concurrent
jurisdiction is present”).) In a recent case involving similar circumstances, we assumed without
deciding that state courts do possess concurrent jurisdiction over FCA claims. See United States
v. Chrysler Grp., LLC, 571 F. App’x 366, 369 (6th Cir. 2014). We do the same, and therefore
conclude that Relator “could have” brought her FCA claim in her state court action.
Relator argues that bringing her FCA and state tort claims in the same action would have
been tactically inconvenient because “the entire case would presumably have been under seal
and languished for months, without discovery . . . .” (Pl.’s Reply Br. at 7.) We addressed a
similar argument in Wilkins v. Jakeway, 

(6th Cir. 1999). In Wilkins, plaintiff’s
counsel argued that splitting FCA claims and other claims “allow[ed] counsel to immediately
commence discovery on those claims which were not sealed.”            

    Although we
ultimately held res judicata was inapplicable, we also stated:
Although we do not question the veracity of counsel’s intent, the fact remains
that, by bringing two different suits which present two different theories of the
case arising from the same factual situation, counsel has engaged in the precise
behavior the doctrine res judicata seeks to discourage. See generally Restatement
(Second) of Judgments § 24, 25 cmt. a, d (explaining that res judicata
extinguishes all claims arising out of the same transaction of [sic] series of
transactions. As such, a plaintiff is pressured to present all material relevant to
the claim in one action, including any and all theories of the case even where
those theories are based on different substantive grounds.). This type of duplicity
should be avoided at all costs.

with Wilkins’ reasoning. Notwithstanding any inconvenience to Relator, the
doctrine of res judicata commands attention to the burdens placed on defendants, courts, and the
integrity of judgments by allowing similar claims with identical facts to be re-litigated in a
second forum. See Restatement (Second) of Judgments § 24 cmt. d (Am. Law Inst. 1982)
(“When a defendant is accused of successive but nearly simultaneous acts, or acts which though
occurring over a period of time were substantially of the same sort and similarly motivated,
fairness to the defendant as well as the public convenience may require that they be dealt with in
the same action.”); 

n.4 (summarily rejecting plaintiff’s argument that
No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                   Page 23
“although both cases could have been litigated in the same action, it is questionable whether they
should have been litigated in the same case”).
For these reasons, the third element of res judicata is met in this case.
4.      Same transaction or occurrence as the previous action
Ohio’s res judicata doctrine precludes a second action based on the same “transaction, or
series of connected transactions, out of which the [first] action arose.” 

.   Quoting the Restatement (Second) of Judgments, Grava held that the second action
involves the same “transaction” if it concerns the same “common nucleus of operative facts.” 

(Second) of Judgments § 24 cmt. b (Am. Law Inst. 1982)). Although not
quoted in Grava, the full text of the paragraph in the Restatement using the “common nucleus of
operative facts” language states:
[i]n general, the expression [“transaction, or series of connected transactions”]
connotes a natural grouping or common nucleus of operative facts. Among the
factors relevant to a determination whether the facts are so woven together as to
constitute a single claim are their relatedness in time, space, origin, or motivation,
and whether, taken together, they form a convenient unit for trial purposes.
Though no single factor is determinative, the relevance of trial convenience
makes it appropriate to ask how far the witnesses or proofs in the second action
would tend to overlap the witnesses or proofs relevant to the first.
Restatement (Second) of Judgments § 24 cmt. b (Am. Law Inst. 1982).
Importantly, Grava held that this element does not require the claims in both actions to be
identical:
[res judicata] “applies to extinguish a claim by the plaintiff against the defendant
even though the plaintiff is prepared in the second action (1) To present evidence
or grounds or theories of the case not presented in the first action, or (2) To seek
remedies or forms of relief not demanded in the first 

(quoting Restatement (Second) of Judgments § 25 (Am. Law Inst. 1982));
see also 

(“That a number of different legal theories casting liability on an actor may
apply to a given episode does not create multiple transactions and hence multiple claims. This
remains true although the several legal theories . . . would emphasize different elements of the
facts.” (quoting Restatement (Second) of Judgments § 24 cmt. c)). In sum, satisfaction of this
No 15-3075             U.S. ex rel. Sheldon v. Kettering Health Network                 Page 24
element under Ohio law does not require that both cases involve identical causes of action, proof
of identical elements, or even the presentation of exactly the same evidence. See 

–83.
Yet, in this case, Relator’s state and federal cases are nearly identical: the vast majority
of the allegations in Relator’s state complaint involve either KHN’s failure to adequately utilize
EPIC’s CLARITY reports, or KHN’s alleged violation of HIPAA based on Duane Sheldon’s
improper access to Relator’s e-PHI.         These allegations are mirrored in Relator’s federal
complaint. In other words, the allegations underlying Relator’s state and federal claims are
related “in time, space, origin, [and] motivation.” Restatement (Second) of Judgments § 24 cmt.
b (Am. Law Inst. 1982). Moreover, because both the state and federal claims are based on
KHN’s alleged failure to satisfy HIPAA standards, those claims would “form a convenient unit
for trial purposes,” as “the witnesses or proofs in the [federal] action would tend to overlap the
witnesses or proofs relevant to the [state action].” 

reasons, we conclude that Relator’s state and federal cases share a “common
nucleus of operative facts,” 

, and that all four elements of res judicata
are therefore met in this case. Thus, res judicata provides an additional basis for our conclusion
that the district court did not err by dismissing Relator’s complaint and denying her leave to
amend.
CONCLUSION
For the foregoing reasons, we AFFIRM the district court’s order granting Defendant’s
motion to dismiss and denying Relator’s motion to amend.